Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
ISC Open Source Projects
BIND
Commits
5095e72a
Commit
5095e72a
authored
Mar 21, 2011
by
Mark Andrews
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
parent
653cad79
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
70 additions
and
5 deletions
+70
-5
CHANGES
CHANGES
+3
-0
bin/tests/system/dnssec/ns2/named.conf
bin/tests/system/dnssec/ns2/named.conf
+8
-1
bin/tests/system/dnssec/ns2/sign.sh
bin/tests/system/dnssec/ns2/sign.sh
+19
-1
bin/tests/system/dnssec/ns3/named.conf
bin/tests/system/dnssec/ns3/named.conf
+7
-1
bin/tests/system/dnssec/tests.sh
bin/tests/system/dnssec/tests.sh
+31
-1
lib/dns/zone.c
lib/dns/zone.c
+2
-1
No files found.
CHANGES
View file @
5095e72a
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3082. [port] strtok_r is threads only. [RT #23747]
3081. [bug] Failure of DNAME substitution did not return
...
...
bin/tests/system/dnssec/ns2/named.conf
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
3
4
201
0
/
11
/
16
01
:
14
:
51
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
3
5
201
1
/
03
/
21
01
:
02
:
39
marka
Exp
$ */
//
NS2
...
...
@@ -33,6 +33,7 @@ options {
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
notify
-
delay
1
;
};
zone
"."
{
...
...
@@ -95,4 +96,10 @@ zone "algroll" {
file
"algroll.db.signed"
;
};
zone
"nsec3chain-test"
{
type
master
;
file
"nsec3chain-test.db.signed"
;
allow
-
update
{
any
;};
};
include
"trusted.conf"
;
bin/tests/system/dnssec/ns2/sign.sh
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.4
7
2011/03/
05 06:35:41
marka Exp $
# $Id: sign.sh,v 1.4
8
2011/03/
21 01:02:39
marka Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -162,3 +162,21 @@ keynew2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat
$infile
$keynew1
.key
$keynew2
.key
>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-o
$zone
-k
$keyold1
-k
$keynew1
$zonefile
$keyold1
$keyold2
$keynew1
$keynew2
>
/dev/null
#
#
#
zone
=
nsec3chain-test
zonefile
=
nsec3chain-test.db.signed
cat
>
$zonefile
<<
EOF
@ 10 SOA ns2 hostmaster 0 3600 1200 864000 1200
@ 10 NS ns2
@ 10 NS ns3
ns2 10 A 10.53.0.2
ns3 10 A 10.53.0.3
EOF
awk
'END { for (i = 0; i < 1000; i++)
print "host" i, 10, "NS", "ns.elsewhere"; }'
< /dev/null
>>
$zonefile
k
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
-fk
$zone
`
k
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
bin/tests/system/dnssec/ns3/named.conf
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
4
5
2011
/
03
/
05
06
:
35
:
41
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
4
6
2011
/
03
/
21
01
:
02
:
39
marka
Exp
$ */
//
NS3
...
...
@@ -217,4 +217,10 @@ zone "split-smart.example" {
file
"split-smart.example.db"
;
};
zone
"nsec3chain-test"
{
type
slave
;
file
"nsec3chain-test.bk"
;
masters
{
10
.
53
.
0
.
2
; };
};
include
"trusted.conf"
;
bin/tests/system/dnssec/tests.sh
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.8
2
2011/03/
05 19:39:06 each
Exp $
# $Id: tests.sh,v 1.8
3
2011/03/
21 01:02:39 marka
Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -1252,5 +1252,35 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check that NOTIFY is sent at the end of NSEC3 chain generation (
$n
)"
ret
=
0
(
echo
zone nsec3chain-test
echo
server 10.53.0.2 5300
grep
DNSKEY ns2/Knsec3chain-test.
*
.key |
sed
-e
's/.*://'
-e
's/^/update add /'
-e
's/IN/300 IN/'
echo
update add nsec3chain-test. 0 nsec3param 1 0 1 -
echo
send
)
|
$NSUPDATE
for
i
in
1 2 3 4 5 6 7 8 9
do
$DIG
$DIGOPTS
nsec3param nsec3chain-test @10.53.0.2
>
dig.out.ns2.test
$n
||
ret
=
1
if
grep
"ANSWER: 2,"
dig.out.ns2.test
$n
>
/dev/null
then
break
;
fi
echo
"I:sleeping ...."
sleep
3
done
;
grep
"ANSWER: 2,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:nsec3 chain generation not complete"
;
fi
sleep
3
$DIG
$DIGOPTS
+noauth +nodnssec soa nsec3chain-test @10.53.0.2
>
dig.out.ns2.test
$n
||
ret
=
1
$DIG
$DIGOPTS
+noauth +nodnssec soa nsec3chain-test @10.53.0.3
>
dig.out.ns3.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns2.test
$n
dig.out.ns3.test
$n
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
exit
$status
lib/dns/zone.c
View file @
5095e72a
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.59
7
2011/03/
17 05:21:50
marka Exp $ */
/* $Id: zone.c,v 1.59
8
2011/03/
21 01:02:39
marka Exp $ */
/*! \file */
...
...
@@ -6285,6 +6285,7 @@ zone_nsec3chain(dns_zone_t *zone) {
LOCK_ZONE(zone);
zone_needdump(zone, DNS_DUMP_DELAY);
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
UNLOCK_ZONE(zone);
done:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment